Behind the Deal: The Rising Fraud Threat in Mergers and Acquisitions

While certain cyberattacks are prevalent across the corporate landscape, threat actors deliberately time them to coincide with critical stages of the M&A process to maximize their impact.

• Business email compromise (BEC)
  In BEC schemes, attackers spoof email addresses of company executives or finance personnel to impersonate them. The goals of business email compromise scams are to trick employees into taking urgent actions, such as updating customer payment information or initiating wire transfers to fraudulent accounts, often under the guise of merger-related instructions.
  
  
• Account takeover
  With AI, fraudsters commonly commit phishing or credentials stuffing to gain unauthorized access to corporate accounts. Once inside, attackers can manipulate sensitive financial information, redirect payments or steal intellectual property, often going undetected amid organizational changes.
  
  
• Authorized push payment fraud
  Authorized Push Payment (APP) fraud tricks employees and customers into willingly sending payments to accounts controlled by criminals. APP is unlike traditional unauthorized transactions in that the sender initiates the payment themselves, believing the transaction is for a legitimate purpose such as paying a supplier, closing a deal or following instructions that seem to be from a trusted source.
  
  
• Invoice fraud
  Fraudsters may intercept legitimate communications, impersonate trusted parties or use AI-generated emails to manipulate invoice details and redirect funds to their own accounts during deal closings. Criminals may also send fake notices to customers advising them of changes in their bank accounts or invoices to redirect funds to fraudulent accounts.
  
  
• Deepfakes
  Gen AI enables criminals to impersonate key executives or stakeholders in video calls or audio messages. These fake communications direct employees to transfer funds, disclose confidential information or authorize changes in business operations. Criminals also use AI deepfakes to create fraudulent documents or presentations that appear legitimate to further deceive investors, partners and employees.
  
  
• Ransomware
  During M&A activity, attackers are aware that organizations may experience operational disruptions, gaps in IT oversight and inconsistent security practices. The urgency to maintain business continuity and avoid delays in the M&A process may pressure targeted companies to pay the ransom quickly since downtime caused by encrypted systems could jeopardize the success of the deal.
  
  Ransomware attackers may use double extortion tactics, threatening to leak sensitive data if corporations don’t meet their demands. Even when corporations pay the ransom fraudsters may still sell the information on the dark web or use it to commit more fraud.
  
  
• Small-cap “pump-and-dump”
  This is a type of securities fraud in which criminals artificially inflate (“pump”) a small-cap company stock price using misleading or false information. They usually target companies with low market capitalization and/or small, less liquid stocks because the prices are easy to manipulate during high-profile events like mergers or IPOs. After driving up the price, the perpetrators then sell (“dump”) their own shares at the inflated price via a nominee account, leaving unsuspecting investors holding shares that quickly lose value once the truth emerges and the price collapses.

Uncover hidden threats and prevent costly disruptions early on.

Organizational changes during M&A activity often create gaps in oversight and inconsistencies in security controls. Training employees to identify and avoid phishing, social engineering and deepfake threats, as well as establishing clear responsibilities and communications for verifying payment requests are critical to creating a security-centric culture. Corporations should also establish consistent security protocols before and after M&A activity.

• Conduct comprehensive due diligence.
  Rigorously vet all parties involved in the transaction, including a deep dive into financials, key personnel, IT systems and third-party vendors. Engage forensic specialists when necessary to uncover hidden risks or suspicious activities.
  
  
• Strengthen cybersecurity protocols.
  Implement security measures such as multifactor authentication, regular system audits and network segmentation. Ensure both merging organizations adhere to the same exacting standards M&A to minimize gaps during integration.
  
  
• Monitor for shadow IT and unusual behavior.
  Identify and control unauthorized applications and devices. Use advanced monitoring data security tools to detect abnormal access patterns, privilege escalations or suspicious data transfers throughout the M&A process.
  
  
• Develop an incident response plan.
  Create a formalized response strategy to prepare for potential breaches or fraud attempts. This plan should include steps for containment, investigation, communication and remediation, ensuring minimal disruption to the deal.
  
  
• Engage external advisors.
  Consult with legal, financial and cybersecurity experts who specialize in M&A activity to provide independent oversight and help identify evolving risks unique to the transaction.
  
  
• Regularly review and update policies.
  Continuously assess and improve fraud prevention and detection protocols to keep pace with new threats, technologies and regulatory requirements.
  
  
• Provide ongoing fraud awareness communications and training.
  Educate both employees and customers about potential threats and ploys. Those who recognize and avoid scams early on are the strongest line of defense.

Proactively adopting best practices can help corporations significantly reduce the risk of falling victim to M&A-related data security fraud and ensure a smoother, more secure transaction process.

Safeguard your organization against merger-related fraud.

When you understand the unique risks associated with company mergers and acquisitions, your organization can preserve deal integrity and ensure business partnerships that are collaborative, mutually beneficial and built on trust.

Synovus can help. For guidance from our experienced banking and fraud specialists, simply complete a short form and a Synovus Treasury & Payment Solutions Consultant will reach out with more details. You’re also welcome to visit one of our local branches.

Caleb Callahan is Head of Fraud for Synovus’ Financial Crimes Unit, with over 20 years in Payments, Enterprise Risk Management, and Fraud Identification, Analysis and Prevention. Callahan is skilled in designing and implementing comprehensive fraud prevention strategies and leading top-level fraud operations teams.